Network Security: Detailed info on ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning m

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning m

from [Amit Klein] Network Security

[Permanent Link]

Subject:	ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure")
Date:	Mon, 25 Dec 2006 20:46:44 +0200

Hi

In the writeup named "Host header cannot be trusted as an anti anti DNS-pinning measure" (submitted September 7th, 2006) I erroneously attributed one of the references to the wrong person. The correct text should read:

[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or earlier) http://viper.haque.net/~timeless/blog/11/

The original (wrong) text attributed this reference to Mohammad A. Haque, who owns the viper.haque.net website, but (in my current understanding) did not write the referenced text (my understanding now is that http://viper.haque.net/~timeless/ actually belongs to "timeless", a different individual).

This mistake also occurred in a response I wrote to a thread "Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript" in the WebSecurity mailing list (http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.html).

I'm sorry for the confusion.
-Amit

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein <= Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns

Previous by Date:	Preliminary Call For Papers: OWASP 2007 Europe, Frank Piessens
Next by Date:	Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns
Previous by Thread:	Preliminary Call For Papers: OWASP 2007 Europe, Frank Piessens
Next by Thread:	Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns
Indexes:	[Date] [Thread] [Top] [All Lists]